[Zope] Acquisition / proxying object
Dieter Maurer
dieter at handshake.de
Wed Feb 27 13:56:03 EST 2008
Joerg Baach wrote at 2008-2-25 19:45 +0000:
> ...
>I am trying to have a folderish object that acquires from a user object
>(ldapuserfolder). It should have its own properties and contents, but
>fall back to the ones of the ldap user.
>
>I have created an object, extending Folder, and it behaves nicely in
>zopectl debug. When I try to access it through e.g. a python script I
>get an:
>
>Error Type: Unauthorized
>Error Value: Unable to find __roles__ in the container and the container
>is not wrapped. Access to 'dn' of test, acquired through (LDAPProxy at
>/testfolder/ldapproxy), denied.
When you access attribute "x" (with value "xv") on object "o",
Zope will first check whether "xv" has security declarations (more
precisely, a "__roles__" attribute). If it has, they are used.
Otherwise, Zope checks for "o.x__roles__". If found, they are used.
Otherwise, "o.__roles__" may be examined (under some circumstances).
Note that for most security declarations,
"o" needs to be fully acquisition wrapped.
Otherwise, there may be two problems:
* Zope cannot find the information to map permissions to roles
(as this mapping is defined on the acquisition path leading
to the root)
* "o" does is not "covered" by the user folder which
has identified the current user.
A user has only special roles on objects "covered" by
its user folder.
A object is "covered" by a user folder, when the object
lies in the subtree rooted in the user folder's container.
--
Dieter
More information about the Zope
mailing list